LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Digital Rights Management and Forced Retention WAS Re: [RM] FW: Stellent Acquires SealedMedia and Bitform
From:	Patrick Cunningham <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Wed, 9 Aug 2006 12:55:26 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (80 lines)

This has been my question ever since Disappearing, Inc. rolled out a
similar product a number of years ago (while I always thought that was
an incredibly apt name for the company, they have since been merged
into another organization).

I think the concept of DRM governing the availability of an electronic
record in accord with an approved records rtenetion schedule is an
interesting idea. You can limit distribution of a document and ensure
that it is effectively made unavailable after the retention period is
complete. However, the "document" will still exist, albeit in an
encrypted form. Ideally, the DRM system would then want to periodically
sweep through a repository and delete those documents for which the key
has expired. Problem is, documents which have been removed from the
repository may continue to exist because the system has no way to know
where they reside (or their location is outside the network). So what
about these? An email from one relevant party to another may exist, but
the content will be unknown. A Word document exists, but it is
completely encrypted. In theory, that encryption could be broken, but
it would require a considerable effort. So the question then is, would
the court simply allow an opposing attorney to infer the content of an
encrypted document, would the document producer be forced to try and
decrypt it, or would the document be considered "destroyed" within the
context of the records retention program? Arguably, you might compare
it to a case where an employee was taking home sacks of shredded paper
to use in his or her Ebay business. If litigation began and discovery
was ordered, would a company be forced to reassemble the shredded
documents simply because an employee was in possession of the shredded
remains?

So that deals with enforcement of retention schedules within an
organization.

The same technology works outside the foru walls of an organization.

If two businesses have a relationship that involves the exchange of
DRM-protected documents, what happens when one party's retention
schedule calls for a shorter retention period than the other's? So
Company A creates a purchase order for a million widgets to be bought
from Company B. The purchase order is protected by the DRM system and
has a retention period on Company A's system of 90 days for some
reason. Company B gets the purchase order and ramps up production and
staffing to produce the million widgets. The widgets take a while to
produce and after 120 days, the million widgets are shipped, along with
a bill for Company A. Company A gets the widgets and the bill and calls
Company B to let them know that they ordered 1000 widgets, not 1
million. Company B says that the purchase order clearly states... uh
oh. Company A says that Company B must have entered the order
incorrectly. Company B says that they entered the order correctly and
it must have been Company A's mistake. The widgets, by the way, are a
custom item and cannot be used for anything else. I believe that some
lawyers are about to get rich.

So my concern is (and has been since the Disappearing Inc product first
came out) how two different companies find mutual ground on the
exchange of this sort of document? Do we need to agree upon
international standards for retention of DRM-protected documents? Do
companies need to negotiate records retention schedules for
DRM-protected documents?

Has anyone dealt with this issue yet?

Patrick Cunningham, CRM

--- Deidre Paknad <[log in to unmask]> wrote:

> The notion of using encryption to end the retention lifecycle of a
> document is an interesting one.  The document still exists physically
> although it is very very difficult (expensive) to open.  Is it
> therefore discoverable and what obligations if any might companies
> have to produce it in litigation?    If the keys exist somewhere
> (anywhere), then are there instances where that file must be
> collected and produced?  Certainly, the preservation and legal holds
> issues will be non-trivial in terms of managing the keys.   Disposal
> of keys rather than the file is sort of the opposite of the DoD
> erasure standard isn't it?

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2

LISTSERV.IGGURU.US